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DETAILED ACTION 

1 . This action is responding to application amendments filed on 1 1-25-2008. 

2. Claims 1, 4 - 21, 23 - 25, 27 - 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 are pending. 
Claims 1, 4 - 7, 21, 23 - 25, 27 - 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 have been 
amended. Claims 2, 3, 22, 26, 30, 33, 38, 43 have been cancelled. Claims 1, 8, 18, 
21, 25, 29 are independent. This application was filed on 4-12-2004. 

Response to Arguments 

3. Applicant's arguments filed 1 1 -25-2008 have been fully considered but they were 
not persuasive. 

3,1 Applicant argues the 112 rejection (see Remarks Pages 2-3); a number of digital 
signatures and the number of digital signatures (see Remarks Pages 4-9). 

The 1 1 2 rejection will be maintained. The wording of the claim limitation indicates 
that there is a specific defined parameter containing the number of signatures required 
for authentication. The specification indicates information for one or more digital 
signatures but there is no indication of a parameter to indicate a specific number. The 
Examiner feels the definition of a parameter is what the claim limitation indicates. 

The Bosier prior art discloses that digital signature information used for 
authentication is transferred between network connected nodes, (see Bosier paragraph 
[0058], lines 21-28: receive security information with directive (i.e. command, 
management message); paragraph [0058], iines 5-14: digital signature authentication; 
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paragraph [0089], lines 1-5: appiy directives or commands after authentication) 

3.2 Applicant argues that the referenced prior art does not disclose, collective 
authority for authentication; a number of digital signature are required for authentication, 
(see Remarks Pages 4-9) 

The Kinnis prior art discloses the authentication (or verification) of more than one 
digital signatures. The Kinnis prior art discloses that when a second digital signature is 
appended, the integrity of the first digital signature is maintained. A document and a 
first digital signature of a first signer are encapsulated into a file, which is signed by a 
second digital signature of a second signer. This encapsulation process can be 
completed for two or more digital signatures. The verification of each digital signature is 
required in order to authenticate the original document. This is equivalent to the 
claimed collective authority. (Kinnis Figure 9 (945; 975); col. 10, lines 38-67: verify 
multiple signatures (first, second); authenticated; col. 11, lines 9-38: digital service used 
to enter into contracts between two or more parties; digital service has application for 
use as a contract or document control and security mechanism) 

The Bosier prior art discloses a network management system for the management 
of interconnected network entities or nodes. The Bosier prior art discloses a public key 
infrastructure and digital signature as an authentication mechanism. And, the Bosier 
prior art discloses the completion of authentication before configuration commands or 
directives are processed by a second management. The Bosier prior art discloses the 
authentication or verification of a digital signature (hash), (see Bosier paragraph [0078], 
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lines 1-15: if first hash matches second hash, then authentication successful) 

3.4 Applicant argues that the referenced prior art does not disclose, time period for 
application of a digital signature, (see Remarks Page 9) 

The Sudia prior art discloses a valid time period for the application of a digital 
signature, (see Sudia paragraph [0249], lines 1-14: time limit (expiration period) for 
certificate (key information)) 

3.5 Applicant argues that the referenced prior art does not disclose, dependent 
claims, (see Remarks Pages 13-14) 

Arguments for dependent claims are based upon above arguments for 
independent claims. The successful responses to arguments for independent claims 
also successfully respond to the current arguments against the dependent claims. 

3.6 The Bosier prior art discloses the usage of digital signatures for authentication or 
verification. The specification specified "combined authority" is equivalent to a 
determination of whether an entity is authorized. The Bosier prior art discloses whether 
an entity is authorized to make a configuration change, (see Bosier paragraph 
[0078], lines 1-15: if both hash values match, then, the message (configuration directive) 
is authentication (verified, authorized) and can be processed) And, the Kinnis prior art 
discloses the usage of more than one digital signature in authentication. Each 
additional digital signature is verified or authorized (equivalent to combined authority), 
(see Kinnis coi. 10, lines 38-67: authentication (verification) of multiple signatures) 
And, the Sudia prior art discloses an expiration time period for digital certificates. 
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There is no disciosure in the Kinnis prior art to discredit or discourage the usage of 
any type of combined authority. Therefore, the Kinnis prior art does not teach away 
from the usage of combined authority in the authentication process. The Kinnis prior 
art discloses the authentication of multiple signatures. The Kinnis prior art discloses 
that when two digital signatures are utilized the first digital signature's integrity is 
maintained to ensure it is used for authentication along with the second digital 
signature. 

Claim Rejections - 35 (JSC § 112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shaii contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1, 21, 25, 29 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the written description requirement. The ciaim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. There is no disclosure for the claim limitation 
"defining a number of required signatures and required principals" in the specification or 
the original claims. There is no disclosure for a parameter indicating a number of 
required signatures and a number of associated principals. The specification merely 
indicates that one or more digital signatures are defined. There is still no disclosure for 
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defining a parameter indicating the number of digital signatures required for verification 
purposes. 

Appropriate correction required. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

7. Claims 1 , 4 - 7, 21 , 23 - 25, 27 - 29, 31 , 32, 34 - 37, 39 - 42, 44 - 47 are rejected 
under 35 U.S.C. 103 (a) as being unpatentable over Bosler et al. (US Patent No. 
20050010757) in view of Kinnis et al. (US Patent No. 6,959,382). 

With Regards to Claims 1, 21, 25, Bosler discloses a method, a computer-readable 
volatile or non-volatile medium storing one or more sequences of instructions, 
apparatus comprising the computer implemented steps of: 

a) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
CAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 

b) receiving, in association with a particular configuration directive, security 



Application/Control Number: 10/822,927 Page 7 

Art Unit: 2436 

information defining a number of required signatures and required principals; 
(see Bosler paragraph [0058], lines 21-28: receive security information with 
directive (i.e. command, management message); paragraph [0058], lines 5-14: 
digital signature authentication; there is no disclosure for a parameter indicating a 
number or count of signatures) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

d) wherein the configuration information includes the particular configuration 
directive; (see Bosler paragraph [0058], lines 21-28: receive security information 
with directive (i.e. command, management message)) (see Bosler paragraph 
[0058], lines 21-28: receive (transfer) security information with directives (i.e. 
command, management message)); 

e) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verification digital signature 
based on certificates received from CA (i.e. trust information)) 

g) applying the configuration directives to the host network element only when the 
two of more digital signatures are verified successfully, (see Bosler paragraph 
[0057], lines 29-33: utilize directives or commands after digital signature 
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verification) 

h) wherein applying the configuration directives comprises applying the particular 
configuration directive only when the configuration information has the number of 
required signatures by the required principals, (see Bosler paragraph [0058], 
lines 21-28: receive security information with directive (i.e. command, 
management message); digital signature information (associated principals 
information); paragraph [0058], lines 5-14: digital signature authentication; 
paragraph [0069], lines 1-5: apply directives or commands after authentication; 
there is no disclosure for a parameter to indicate the number of required 
signatures by the required principals) 

Bosler discloses wherein verifying that one or more digital signatures, from the one 
or more digital signatures, are valid and that two or more principals respectively 
associated with the two or more digital signatures have collective authority to 
perform the configuration directives on the host network element; (see Bosler 
paragraph [0008], lines 7-13; paragraph [0078], lines 7-15: management information, 
verify digital signature) 
However, Kinnis discloses: 

f) verifying that two or more digital signatures are valid, (see Kinnis col. 10, lines 
38-67: verify multiple signature (first, second) authenticated; col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be 
added (integrity of first signature maintained when second signature appended; 
only usage for digital signature is verification or authentication of an entity or 
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user); col. 3, lines 28-30: used for authentication (verification) purposes; col. 4, 
lines 25-27: content of any type can be protected with digital signature; col. 4, 
lines 31-34: certificate from Certificate Authority (CA)) 
It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26: "... Accordingly, it is desirable to provide 
a means to generate digital signatures that are not specific to an application, such as 
an email client. The digital signature service also provides the functionality to obtain 
certificates, manage private-public keys, and generate digital signatures for 
documents that may be stored independent of other tools used by the user. ...") 

With Regards to Claim 4, Bosler discloses a method as recited in Claim 1 , 

a) wherein applying the particular configuration directive comprises applying the 
particular configuration directive only when the configuration information has the 
number of required signatures by the required principals and only upon 
successively validating all required signatures, (see Bosler paragraph [0058], 
lines 5-14: digital signature authentication; paragraph [0069], lines 1-5: apply 
directives or commands after authentication) 

With Regards to Claim 5, Bosler discloses a method as recited in claim 1 , wherein the 
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digital signatures use public key cryptography, and wherein public keys for the digital 
signatures are stored on the host, (see Bosler paragraph [0073], lines 4-7: security 
information stored in central location (i.e. host system), (i.e. option, each individual 
system or host)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 6, Bosler discloses a method as recited in Claim 1 , wherein the 
digital signatures use public key cryptography, wherein public keys for the digital 
signatures are stored on a key server and retrieved from the key server as part of 
attempting to validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: 
public key cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], 
lines 1-6: security information stored in central location or in each individual system or 
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host, certification server (i.e. key server)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 7, Bosler discloses a method as recited in Claim 1 , wherein the 
digital signatures use public key cryptography, and wherein public keys for the digital 
signatures are received in a digital certificate and extracted from the digital certificate as 
part of attempting to validate the digital signatures, (see Bosler paragraph [0058], lines 
5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate Authority (CA) , 
public key certificate; paragraph [0008], lines 7-13: verification (i.e. validation) with 
digital signature) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
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first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 23, 31, Bosler discloses a computer-readable volatile or non- 
volatile medium, apparatus as recited in any of Claims 21 , 29, wherein the digital 
signatures comprise a first digital signature of the one or more configuration directives 
by a first user, and a second digital signature by a second user, wherein the second 
digital signature is applied to a resultant of the first digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
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used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 24, 32, Bosler discloses a method, computer-readable volatile 
or non-volatile medium, apparatus as recited in any of Claims 21 , 29, wherein the digital 
signatures comprise a first digital signature of a first portion of the one or more 
configuration directives by a first user, a second digital signature of a second portion of 
the one or more configuration directives by a second user, and a third digital signature 
by a third user, wherein the third digital signature is applied to a resultant of the first 
digital signature and the second digital signature, (see Bosler paragraph [0078], lines 7- 
15: comparison (i.e. is applied) of resultant hashes (i.e. digest, digital signature) for 
authentication) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 
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It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 27, Bosler discloses an apparatus as recited in Claim 25, 
wherein the digital signatures comprise a first digital signature of the one or more 
configuration directives by a first user, and a second digital signature by a second user, 
wherein the second digital signature is applied to a resultant of the first digital signature, 
(see Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant 
hashes (i.e. digest, digital signature) for authentication) 
Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
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With Regards to Claim 28, Bosler discloses an apparatus as recited in Claim 25, 
wherein the digital signatures comprise a first digital signature of a first portion of the 
one or more configuration directives by a first user, a second digital signature of a 
second portion of the one or more configuration directives by a second user, and a third 
digital signature by a third user, wherein the third digital signature is applied to a 
resultant of the first digital signature and the second digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

With Regards to Claim 29, Bosler discloses an apparatus for verifying configuration 
changes for network devices using digital signatures, comprising: a network interface 
that is coupled to the data network for receiving one or more packet flows therefrom; 

a) a processor; (see Bosler paragraph [0067], lines 4-8: processor) 

one or more stored sequences of instructions which, when executed by the 
processor, cause the processor to carry out the steps of: 

b) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
CAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 

c) receiving configuration information comprising a hostname, one or more 
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configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

d) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verify digital signature) 

e) verifying that two or more digital signatures, from the one or more digital 
signatures, are valid and that two or more principals respectively associated with 
the two or more digital signatures have collective authority to perform the 
configuration directives on the host network element; (see Bosler paragraph 
[0008], lines 7-13: verify digital signature) 

f) applying the configuration directives to the home network element only when the 
one or more digital signatures are verified successfully, (see Bosler paragraph 
[0058], lines 5-14; paragraph [0069], lines 1-5: signature verification, process 
directive) 

Bosler discloses wherein verifying that one or more digital signatures, from the one 
or more digital signatures, are valid and that two or more principals respectively 
associated with the two or more digital signatures have collective authority to 
perform the configuration directives on the host network element; (see Bosler 
paragraph [0008], lines 7-13; paragraph [0078], lines 7-15: management information, 
verify digital signature) 
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However, Kinnis discloses: 

e) verifying that two or more digital signatures, from the one or more digital 
signatures, are valid, (see Kinnis col. 3, lines 3-24: first, second digital 
signatures for content, any number of signatures may be added; col. 3, lines 28- 
30: used for authentication purposes; col. 4, lines 25-27: content of any type can 
be protected with digital signature; col. 4, lines 31-34: certificate from Certificate 
Authority (CA)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
enable the capability to utilize multiple digital signatures as taught by Kinnis. One of 
ordinary skill in the art would have been motivated to employ the teachings of Kinnis 
in order to obtain certificates, keys, and generate digital signatures that may be 
stored independent of other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 34, 39, 44, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21, 25, 29, further comprising 
instructions which, when executed by the one or more processors, cause the one or 
more processors to perform the steps of: receiving, in association with a particular 
configuration directive, security information defining a number of required signatures 
and required principals; applying the particular configuration directive only when the 
configuration information has the number of required signatures by the required 
principals and only upon successively validating all required signatures, (see Bosler 
paragraph [0058], lines 5-7: public/private key pair; paragraph [0060], lines 1-6: 
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Certificate Authority (CA) , public key certificate; paragraph [0008], lines 7-13; 
paragraph [0078], lines 7-15: verification (i.e. validation) with digital signature(s); 
paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: software, implementation 
means) 

With Regards to Claims 35, 40, 45, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21, 25, 29, wherein the digital 
signatures use public key cryptography, and wherein public keys for the digital 
signatures are stored on the host network element, (see Bosler paragraph [0073], lines 
4-7: security information stored in central location (i.e. host system), (i.e. option, each 
individual system or host); paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: 
software, implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
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other tools, (see Kinnis col. 2, lines 20-26) 
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With Regards to Claims 36, 41, 46, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21, 25, 29, wherein the digital 
signatures use public key cryptography, wherein public keys for the digital signatures 
are stored on a key server and retrieved from the key server as part of attempting to 
validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: public key 
cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], lines 1-6: 
security information stored in central location or in each individual system or host, 
certification server (i.e. key server); paragraph [0057], lines 23-28; paragraph [0066], 
lines 1-4: software, implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 
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With Regards to Claims 37, 42, 47, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21, 25, 29, wherein the digital 
signatures use public key cryptography, and wherein public keys for the digital 
signatures received in a digital certificate and extracted from the digital certificate as 
part of attempting to validate the digital signatures, (see Bosler paragraph [0058], lines 
5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate Authority (CA) , 
public key certificate; paragraph [0008], lines 7-13: verification (i.e. validation) with 
digital signature; paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: software, 
implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 
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8. Claims 8 - 20 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Bosler-Kinnis and further in view of Sudia et al. (US Patent No. 20020013898). 

With Regards to Claim 8, Bosler discloses a method, comprising the computer 
implemented steps of: 

a) receiving a public key for a user of the network devices; receiving trust 
information defining one or more trusted signatories; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
configuration directives; (see Bosler paragraph [0071], lines 1-13; paragraph 
[0073], lines 77-22: time-based certificate, directive authentication) 

Bosler and Sudia disclose: 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) and a date time value; (see Sudia paragraph 
[0249], lines 1-14: time limit (expiration period) for certificate (key information)) 

d) determining if the date time value is within the time period; (see Sudia paragraph 
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[0249], lines 1-14: time limit (expiration period) for certificate (key information))- 

e) determining if the one or more configuration directives have been previously 
received; (see Bosler paragraph [0069], lines 1-5: process configuration 
directive(s), commands) during the time period (see Sudia paragraph [0249], 
lines 1-14: time limit (expiration period) for certificate (key information)) and 

f) only when the date time value is within the time period (see Bosler paragraph 
[0073], lines 17-22: time based certificate) and the one or more configuration 
directives have not been previously received during the time period, attempting to 
verify the one or more digital signatures based on the trust information, and 
applying the configuration directives to a network element only when the one or 
more digital signatures are verified successfully, (see Sudia paragraph [0249], 
lines 1-14: time limit (expiration period) for certificate (key information)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
use a time period to limit usage of the security information as taught by Sudia. One 
of ordinary skill in the art would have been motivated to employ the teachings of 
Sudia to provide a robust and easy-to-use mechanism in which authorizing agents 
can temporarily delegate their authorizing capability based on a time period, (see 
Sudia paragraph [001 1], lines 1-4: " ... A further object of the present invention is to 
provide a robust and easy-to-use mechanism in which authorizing agents can 
temporarily delegate their authorizing capability. ...") 

With Regards to Claims 9, 10, Bosler discloses a method as recited in Claim 8, 
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wherein the step of determining if the one or more configuration directives have been 
previously received during the time period comprises the steps of 

a) generating a secure hash of the one or more configuration directives; (see Bosler 
paragraph [0078], lines 3-15: generate secure hash value for authentication) 

b) determining if the secure hash is found in non volatile memory, (see Bosler 
paragraph [0078], lines 3-15; paragraph [0067], lines 4-8: memory, workspace for 
data processing: memory (i.e. non-volatile)) 

With Regards to Claim 11, Bosler discloses a method as recited in Claim 8, further 
comprising the step of storing the secure hash in non volatile memory, and the one or 
more configuration directives have not been previously received during the time period, 
(see Bosler paragraph [0067], lines 4-8: memory, workspace for data processing; 
paragraph [0078], lines 3-15: hash (i.e. digest) values utilized for authentication) 
Bosler does not specifically disclose an association with an expiration value, and when 
the date time value is within a time period. However, Sudia discloses wherein 
association with an expiration value, when the date time value is within the time period, 
(see Sudia paragraph [0249], lines 1-14: time limit (expiration period) for certificate (key 
information)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to use 
a time period to limit usage of the security information as taught by Sudia. One of 
ordinary skill in the art would have been motivated to employ the teachings of Sudia to 
provide a robust and easy-to-use mechanism in which authorizing agents can 
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temporarily delegate their authorizing capability based on a time period, (see Sudia 
paragraph [0011], lines 1-4) 

With Regards to Claim 12, Bosler discloses a method as recited in Claim 8, further 
comprising the steps of verifying that the one or more digital signatures is valid and that 
one or more principals respectively associated with the digital signatures have collective 
authority to perform the directives on the host, (see Bosler paragraph [0058], lines 5-14: 
mutual authentication required before directive(s) or command(s) implemented) 



With Regards to Claims 13, 14, Bosler discloses a method as recited in Claim 8, 
further comprising the steps of 

a) receiving, in association with a particular configuration directive, security 
information defining a number of required signatures and required principals; 
(see Bosler paragraph [0058], lines 21-28: key, security information received with 
directive or command) 

b) applying the particular configuration directive only when the configuration 
information has the number of required signatures by the required principals and 
only upon successively validating all required signatures, (see Bosler paragraph 
[0058], lines 5-14; paragraph [0069], lines 1-5: validate digital signature, process 
directive or command) 



With Regards to Claim 15, Bosler discloses a method as recited in claim 1 , wherein 
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the digital signatures use public key cryptography, and wherein public keys for the 
digital signatures are stored on the host, (see Bosler paragraph [0073], lines 4-7: 
security information stored in central location (i.e. host system), (i.e. option, each 
individual system or host)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 16, Bosler discloses a method as recited in Claim 1 , wherein 
the digital signatures use public key cryptography, wherein public keys for the digital 
signatures are stored on a key server and retrieved from the key server as part of 
attempting to validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: 
public key cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], 
lines 1-6: security information stored in central location or in each individual system or 
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host, certification server (i.e. key server)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 17, Bosler discloses a method as recited in Claim 1 , wherein 
the digital signatures use public key cryptography, and wherein public keys for the 
digital signatures are received in a digital certificate and extracted from the digital 
certificate as part of attempting to validate the digital signatures, (see Bosler paragraph 
[0058], lines 5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate 
Authority (CA) , public key certificate; paragraph [0008], lines 7-13: verification (i.e. 
validation) with digital signature) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 



Application/Control Number: 10/822,927 Page 27 

Art Unit: 2436 

first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 18, Bosler discloses a method for verifying configuration 
changes for network devices using digital signatures, comprising the computer 
implemented steps of: 

a) receiving a public key for a user of the network devices; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates (i.e. public key certificate), 
received by user) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
configuration directives to a specified network device; (see Bosler paragraph 
[0071], lines 1-13; paragraph [0073], lines 17-22: time based certificate) 

c) receiving configuration information comprising a hostname, one or more 
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configuration directives for the specified network device associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, and a date time value; (see Bosler paragraph [0058], lines 5-14: 
management (i.e. configuration) information transferred between manager and 
client, digital signature verification required) 

e) determining if the one or more configuration directives have been previously 
received during the time period, by generating a secure hash of the one or more 
configuration directives and determining if the secure hash is found in memory; 
(see Bosler paragraph [0078], lines 3-15: hash (i.e. digest) utilized) and 

performing the steps of: 

g) attempting to verify the one or more digital signatures based on generating a 
secure hash of the one or more configuration directives using the public key and 
comparing the secure hash to the one or more digital signatures, and applying 
the configuration directives to a network element only when the one or more 
digital signatures are verified successfully, (see Bosler paragraph [0078], lines 3- 
15: hash generation, authentication) 

Sudia disclose: 

d) determining if the date time value is within the time period; (see Sudia paragraph 
[0249], lines 1-14: time limit (expiration period) for certificate (key information)) 

f) only when the date time value is within the time period and the one or more 
configuration directives have not been previously received during the time period, 
(see Sudia paragraph [0249], lines 1-14: time limit (expiration period) for 
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certificate (key information)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 

use a time period to limit usage of the security information as taught by Sudia. One 

of ordinary skill in the art would have been motivated to employ the teachings of 

Sudia to provide a robust and easy-to-use mechanism in which authorizing agents 

can temporarily delegate their authorizing capability based on a time period, (see 

Sudia paragraph [0011], lines 1-4) 

With Regards to Claim 19, Bosler discloses a method, as recited in any of Claims 18, 
wherein the digital signatures comprise a first digital signature of the one or more 
configuration directives by a first user, and a second digital signature by a second user, 
wherein the second digital signature is applied to a resultant of the first digital signature, 
(see Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant 
hashes (i.e. digest, digital signature) for authentication) 
Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
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would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 20, Bosler discloses a method, as recited in any of Claim 1 8, 
wherein the digital signatures comprise a first digital signature of a first portion of the 
one or more configuration directives by a first user, a second digital signature of a 
second portion of the one or more configuration directives by a second user, and a third 
digital signature by a third user, wherein the third digital signature is applied to a 
resultant of the first digital signature and the second digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
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other tools, (see Kinnis col. 2, lines 20-26) 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action, in the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
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Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nasser G Moazzami/ Carlton V. Johnson 

Examiner 

Supervisory Patent Examiner, Art Unit 2436 Art Unit 2436 
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March 2, 2009 



